From: Thorsten Glaser Date: Wed, 7 May 2014 08:21:35 +0000 (+0200) Subject: Fix format string vulnerabilities X-Git-Url: https://git.madduck.net/code/vcsh.git/commitdiff_plain/40e5aabecac46a43b1e68d7c8cb0a4668e780bb1?hp=-c Fix format string vulnerabilities Never pass user input as first argument of printf(1), similar to how you never do that with printf(3). Signed-off-by: Thorsten Glaser --- 40e5aabecac46a43b1e68d7c8cb0a4668e780bb1 diff --git a/vcsh b/vcsh index 31a6019..355e9fa 100755 --- a/vcsh +++ b/vcsh @@ -255,7 +255,7 @@ list_tracked_by() { pull() { hook pre-pull for VCSH_REPO_NAME in $(list); do - printf "$VCSH_REPO_NAME: " + printf '%s: ' "$VCSH_REPO_NAME" GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR use git pull @@ -268,7 +268,7 @@ pull() { push() { hook pre-push for VCSH_REPO_NAME in $(list); do - printf "$VCSH_REPO_NAME: " + printf '%s: ' "$VCSH_REPO_NAME" GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR use git push